The AUDIT_TRAIL parameter turns auditing on or off for the database. If we don’t want auditing to be turned on, do nothing, since the default value for this parameter is none, or false, which disables database auditing. If we want auditing turned on, we can set the AUDIT_TRAIL parameter to any of the following values:
• os: Oracle writes the audit records to an operating system audit trail, which is an operating system file, including audit records from the OS, audit records for the SYS user, and those database actions that are always automatically audited.
• db: Oracle records the same type of auditing as with the os setting, but it directs all audit records to the database audit trail, which is the AUD$ table owned by SYS.
• none: This value disables auditing.
• db,extended: This is similar to the db setting, but also provides extended audit information like the SQLBIND and SQLTEXT columns of the SYS.AUD$ table.
In addition, you have two XML-related AUDIT_TRAIL values (new in Oracle Database 10.2):
• XML: This value for audit trail enables database auditing and writes audit details to OS files in XML format.
• XML,EXTENDED: This value prints all database audit records plus the SQLTEXT and SQLBIND values to OS files in the XML format.
The parameter is set as follows: AUDIT_TRAIL = db
Default value: none
Parameter type: Static
Chapter 11 provides more information about auditing actions within an Oracle database.
Even if we don’t set the AUDIT_TRAIL parameter to any value, Oracle will still write audit information to an operating system file for all database actions that are audited by default. On a UNIX system, the default location for this file is the $ORACLE_HOME/rdbms/audit directory. Of course, we can specify a different directory if we wish. See Chapter 11 for more details on this feature.
The AUDIT_FILE_DEST parameter specifies the directory in which the database will write the audit records, when we choose the operating system as the destination with the AUDIT_TRAIL parameter by specifying AUDIT_TRAIL=os. We can also specify this parameter if we choose the XML or XML,EXTENDED options for the AUDIT_TRAIL option, since the audit records are written to operating system files in both cases.
Default value: $ORACLE_HOME/rdbms/audit
Parameter type: Dynamic. You can modify this parameter with the ALTER SYSTEM . . . DEFERRED command.
This parameter, if set to a value of true, will audit all actions of the SYS user and any other user with a SYSDBA or SYSOPER role and will write the details to the operating system audit trail specified by the AUDIT_TRAIL parameter. By writing the audit information to a secure operating system location, we remove any possibility of the SYS user tampering with an audit trail that is located within the database. The possible values are true and false.
Default value: false
Parameter type: Static